Jurisdiction and cloud computing: Further challenges to Internet jurisdiction

Copyright © 2013 Kluwer Law InternationalThe importance of this timely research can also be evidenced by the recent European Commission Decision of 18.06.2013 on setting up the Commission Expert Group on Cloud Computing Contracts ((2013/C 174/04)

Advice to Archives arising from "E-ARK Legal Issues Report: European Cultural Preservation in a Changing Legislative Landscape"

The adoption by the EU of the Data Protection Directive (95/46/EC) marked a pivotal moment in the history of European personal data protection. Two decades later, the fundamental principles around which the Directive was structured continue to be relevant, but the ever-increasing pace of technological change, and globalisation have undoubtedly presented challenges for data protection that the original Directive is ill-equipped to address. The world of the early 21st Century is the world of social networking, apps, cloud computing, location-based services and smart cards. It is almost impossible for individual citizens to go about their daily business, or to buy goods and services without leaving digital footprints. Without effective control over how this information is stored and used, the potential for adverse consequences is obvious. With the introduction of the “General Data Protection Regulation”[1], the European Commission has modernised the EU legal system for the protection of personal data. One of the key policy objectives behind the revisions was to make more consistent the implementation and application of the protection of personal data in all areas of the Union's activities. Anticipated benefits included the strengthening of the rights of individuals, reduced administrative overhead, and an improved flow of personal data within the EU and beyond. The new regime introduces new concepts, and revises the understanding of those drawn from earlier data protection regulation. Not everything has changed, but a great deal has, and nothing should be taken for granted. In the E-ARK deliverable D2.2 “E-ARK Legal Issues Report: European Cultural Preservation in a Changing Legislative Landscape”[2], readers will find a section by section comparison of the existing regulation with the text of the GDPR. The purpose of the current document is to supplement that analysis with a very abbreviated set of discrete recommendations targeted, primarily, at the archives community. In this report suggestions are made under five key areas: The Obligations and Liabilities of Data Controllers Consent Personal Data Breach Notification Transfers of personal data Legal enforcement & Penalties Where advice is offered, it is couched in terms of: what one should Ensure happens what one should Monitor what one should Consider [1] Regulation (EU) 2016/679 [2] Available from the E-ARK website at http://www.eark-project.com/resources/project-deliverables/33-d22-legal-issues-report-european-cultural-preservation-in-a-changing-legislative-landscap

Online Personal Data Processing and EU Data Protection Reform. CEPS Task Force Report, April 2013

This report sheds light on the fundamental questions and underlying tensions between current policy objectives, compliance strategies and global trends in online personal data processing, assessing the existing and future framework in terms of effective regulation and public policy. Based on the discussions among the members of the CEPS Digital Forum and independent research carried out by the rapporteurs, policy conclusions are derived with the aim of making EU data protection policy more fit for purpose in today’s online technological context. This report constructively engages with the EU data protection framework, but does not provide a textual analysis of the EU data protection reform proposal as such

Online privacy: towards informational self-determination on the internet : report from Dagstuhl Perspectives Workshop 11061

The Dagstuhl Perspectives Workshop "Online Privacy: Towards Informational Self-Determination on the Internet" (11061) has been held in February 6-11, 2011 at Schloss Dagstuhl. 30 participants from academia, public sector, and industry have identified the current status-of-the-art of and challenges for online privacy as well as derived recommendations for improving online privacy. Whereas the Dagstuhl Manifesto of this workshop concludes the results of the working groups and panel discussions, this article presents the talks of this workshop by their abstracts

Cross-disciplinary lessons for the future internet

There are many societal concerns that emerge as a consequence of Future Internet (FI) research and development. A survey identified six key social and economic issues deemed most relevant to European FI projects. During a SESERV-organized workshop, experts in Future Internet technology engaged with social scientists (including economists), policy experts and other stakeholders in analyzing the socio-economic barriers and challenges that affect the Future Internet, and conversely, how the Future Internet will affect society, government, and business. The workshop aimed to bridge the gap between those who study and those who build the Internet. This chapter describes the socio-economic barriers seen by the community itself related to the Future Internet and suggests their resolution, as well as investigating how relevant the EU Digital Agenda is to Future Internet technologists

Investigating the tension between cloud-related actors and individual privacy rights

Historically, little more than lip service has been paid to the rights of individuals to act to preserve their own privacy. Personal information is frequently exploited for commercial gain, often without the person’s knowledge or permission. New legislation, such as the EU General Data Protection Regulation Act, has acknowledged the need for legislative protection. This Act places the onus on service providers to preserve the confidentiality of their users’ and customers’ personal information, on pain of punitive fines for lapses. It accords special privileges to users, such as the right to be forgotten. This regulation has global jurisdiction covering the rights of any EU resident, worldwide. Assuring this legislated privacy protection presents a serious challenge, which is exacerbated in the cloud environment. A considerable number of actors are stakeholders in cloud ecosystems. Each has their own agenda and these are not necessarily well aligned. Cloud service providers, especially those offering social media services, are interested in growing their businesses and maximising revenue. There is a strong incentive for them to capitalise on their users’ personal information and usage information. Privacy is often the first victim. Here, we examine the tensions between the various cloud actors and propose a framework that could be used to ensure that privacy is preserved and respected in cloud systems